Block specific websites and file types?

Aug 6, 2003
It answered part of the following question, but...

Part 1) What I want to do is block specific websites from access (ebay, some shopping sites, etc). I have a PIX 515, no other servers or equipment that would interfere.

Part 2) What about blocking specific file types, such as users trying to download mp3's and wmv files..?

Best regards,

Paul


CTO
MSCE, CCNA, Novell, Symantec SS


 
Assuming that you don't want to maintain ACL object-groups for all the blocked sites, you can use WebSense or N2H2, which work with the Pix. I believe that they also do other filtering, such as file type or at least extension.
 
Is there an IOS command to do the same thing?

CTO
MSCE, CCNA, Novell, Symantec SS
 
For filetypes, I don't think so. For web sites:

object-group network bad-sites
 network-object host <address1>
 network-object host <address2>
 ...etc...

access-list inside_access_in deny tcp any object-group bad-sites eq www
access-list inside_access_in permit ip any any
access-group inside_access_in in interface inside

But, this will get huge.

If you're running an internal DNS server, then you can use the second-worst way: Add zones for the domains that you wish to block.

There's no other way within the Pix to do it. Everything else requires an external server- proxy, filtering or dns. There may be no software cost, but there does have to be an external server to understand URLs.
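What handing URLs to an external server looks like on the PIX itself, as an added example that is not part of the original thread. This is PIX 6.x syntax; the Websense server address (10.1.1.5), the inside interface name and the exempted admin workstation (192.168.1.10) are assumptions. Lines beginning with a colon are comments in a PIX configuration.

```conf
: Added example, not from the original post. PIX 6.x syntax; the
: filtering server address, interface name and exempt host are assumed.
:
: Register the Websense server that sits on the inside interface. The PIX
: queries it over TCP with Websense protocol version 4 and gives up on an
: unanswered lookup after 30 seconds.
url-server (inside) vendor websense host 10.1.1.5 timeout 30 protocol TCP version 4
:
: Send every outbound HTTP request (any local host, any foreign host) to
: the URL server for a verdict before the connection is permitted.
: The trailing "allow" keyword is the fail-open switch: when the URL server
: is unreachable the PIX passes port 80 traffic unfiltered. Omit it to fail
: closed, in which case outbound HTTP stops until the server is back.
filter url http 0 0 0 0 allow
:
: Hosts that must never be filtered, e.g. an assumed admin workstation.
filter url except 192.168.1.10 255.255.255.255 0 0
```

The fail-open choice is a policy decision, not a detail: with `allow` present, anyone who can knock the filtering server off the network (or simply wait for it to crash) gets unfiltered web access, so pair it with monitoring on the URL server if availability is the reason you chose it.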
 
I looked into websense, kind of expensive, but I would imagine that it would save resources and money in the end.

What about blocking specific file types, such as users trying to download mp3's and wmv files..? Is there a simple command to block all mp3 or wmv traffic...


CTO
MSCE, CCNA, Novell, Symantec SS
 
No, there isn't.

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP ;)
 
That's the thing: the Pix doesn't do URL filtering (file type downloads are via URL also). The only products which do filtering *and* work directly with the Pix are Websense and N2H2.

I'd suggest a squid proxy in front (inside) of the Pix. Any reasonably modern desktop computer should have enough horsepower, maybe 512mb RAM, and no software cost. I think the major Linux distributions come with squid bundled in.

I will say that there's a very cool thing about using the Pix with the other servers. You can configure the Pix to allow or drop connections when the server's unavailable, so you don't lose the internet if the filtering server's down.
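A squid.conf excerpt that does both parts of the original question (block named sites, block mp3 and wmv downloads) on a proxy placed inside the PIX, as an added example that is not from the original thread or from the Squid project's own documentation. The inside network (192.168.1.0/24), the listening port, the path of the domain list and the two blocked extensions are assumptions; it uses only ACL types that exist in Squid 2.5 and later.

```conf
# Added example, not from the original thread. Squid 2.5+ syntax; the
# network, port, domain-list path and blocked extensions are assumed.

http_port 3128

# Who may use the proxy at all (assumed inside network).
acl localnet src 192.168.1.0/24

# Part 1: sites to block. The file holds one entry per line; a leading
# dot matches the domain and every subdomain (e.g. ".ebay.com").
acl blocked_sites dstdomain "/etc/squid/blocked_sites.txt"

# Part 2: file types to block, first by URL path. Case-insensitive, and
# tolerates a query string after the extension ("/song.MP3?id=1").
acl blocked_ext urlpath_regex -i \.(mp3|wmv)(\?.*)?$

# ... and then by the Content-Type the server actually returns, which
# catches downloads served from URLs that carry no extension at all.
acl blocked_mime rep_mime_type -i ^audio/mpeg ^video/x-ms-wmv

# Request-side rules: Squid stops at the first matching line, so the
# denies must come before the allow.
http_access deny blocked_sites
http_access deny blocked_ext
http_access allow localnet
http_access deny all

# Reply-side rules: evaluated after the server answers and before any
# body bytes are forwarded to the client.
http_reply_access deny blocked_mime
http_reply_access allow all
```

Two caveats a practitioner should expect. Extension and MIME checks are best effort: a server can rename the file or lie in its Content-Type header, and anything inside an HTTPS CONNECT tunnel is invisible to these rules. And the proxy only enforces anything if clients cannot go around it, so the PIX inside interface still needs an access-list that permits outbound port 80 from the proxy host alone and denies it from every other inside address.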
 